tremoved obsolete manual - tomb - the crypto undertaker HTML git clone git://parazyd.org/tomb.git DIR Log DIR Files DIR Refs DIR README DIR LICENSE --- DIR commit 850b76d0347bb5e6742a757a4e414ad9bf566cbe DIR parent b07224beab58a1dc94dfa410bde5eafafed53a52 HTML Author: Jaromil <jaromil@dyne.org> Date: Thu, 23 Jul 2015 15:27:40 +0200 removed obsolete manual Diffstat: D doc/Tomb_User_Manual.org | 335 ------------------------------- 1 file changed, 0 insertions(+), 335 deletions(-) --- DIR diff --git a/doc/Tomb_User_Manual.org b/doc/Tomb_User_Manual.org t@@ -1,335 +0,0 @@ -#+TITLE: Tomb User Manual -#+AUTHOR: Jaromil @ Dyne.org - -#+LaTeX_CLASS: article -#+LaTeX_CLASS_OPTIONS: [a4,onecolumn,portrait] -#+LATEX_HEADER: \usepackage[english]{babel} -#+LATEX_HEADER: \usepackage{amsfonts, amsmath, amssymb} -#+LATEX_HEADER: \usepackage{ucs} -#+LATEX_HEADER: \usepackage[utf8x]{inputenc} -#+LATEX_HEADER: \usepackage[T1]{fontenc} -#+LATEX_HEADER: \usepackage{hyperref} -#+LATEX_HEADER: \usepackage[pdftex]{graphicx} -#+LATEX_HEADER: \usepackage{fullpage} -#+LATEX_HEADER: \usepackage{lmodern} -#+LATEX_HEADER: \usepackage[hang,small]{caption} -#+LATEX_HEADER: \usepackage{float} -#+LATEX_HEADER: \usepackage{makeidx} -#+LATEX_HEADER: \makeindex - -*Abstract*: Tomb is a cryptographic application that helps you store - private and confidential data into volumes secured by keys and - passwords. It works on GNU/Linux operating systems, both for desktop - and remote shell usage, presenting users with with an intuitive - command-line interface. This manual will outline the basic usage of - Tomb, from getting started to the everyday drill, plus tips and - recommendations on advanced usage and data safety. - -#+KEYWORDS: Crypto, Storage, Luks, Cryptsetup, DM-Crypt, Privacy, Secrecy - -#+EXCLUDE_KEYWORD: noexport - - - -[TABLE-OF-CONTENTS] - -#+LATEX: \newpage - -* This user manual is obsolete, please refer to *man tomb* - -* Why Tomb? - -** Privacy and freedom - -The internet offers plenty of free services, on the wave of the Web2.0 -fuzz and the community boom, while all private informations are hosted -on servers owned by global corporations and monopolies. - -It is important to keep in mind that no-one else better than *you* can -ensure the privacy of your personal data. Server hosted services and -web integrated technologies gather all data into huge information -pools that are made available to established economical and cultural -regimes. - -*This software urges you to reflect on the importance of your -privacy*. World is full of prevarication and political imprisonments, -war rages in several places and media is mainly used for propaganda by -the powers in charge. Some of us face the dangers of being tracked by -oppressors opposing our self definition, independent thinking and -resistance to omologation. - -#+BEGIN_QUOTE - "The distinction between what is public and what is private is - becoming more and more blurred with the increasing intrusiveness of - the media and advances in electronic technology. While this - distinction is always the outcome of continuous cultural - negotiation, it continues to be critical, for where nothing is - private, democracy becomes impossible." - -(from [[http://www.newschool.edu/centers/socres/privacy/Home.html][Privacy Conference, Social Research, New School University]]) -#+END_QUOTE - - -** Who needs Tomb - -[[file:tomb_and_bats.png]] - -Tomb improves the usability patterns of every-day cryptography and -relies on military-grade algorithms to grant a level of secrecy for -stored data that is very hard to break by most military organisations -and law enforcement agencies. - -Our target community are GNU/Linux users with no time to click around, -sometimes using old or borrowed computers, operating in places -endangered by conflict where a leak of personal data can be a threat. - -For example, if one doesn't owns a laptop or simply doesn't likes to -carry a computer around, Tomb functions as a secure on-line and -off-line storage for data and programs. On a desktop computer, Tomb -can store some files locked using a /key/ which can be carried with -you and hidden into images. Tomb can do that also on a remote shell -and setup a ready environment every time its opened by mounting -personal directories in place using /bind hooks/. - - -** Under the Hood - -Tomb provides military-grade encryption at the reach of your -fingertips, fostering best practices and saving users the time to look -into the details of /LUKS/ volumes and /cryptsetup/. Rather than -reinventing the wheel, Tomb relies only on peer-reviewed, free and -open source software components: at its core is DM-Crypt[fn:dm-crypt] -which is part of the Linux kernel architecture. - - -For better clarity, Tomb is written in shell script and its code can -be reviewed any time. More specifically, Tomb is written in ZSh, but -can be used also from Bash. - -Tomb is written in a way that promotes privilege separation: a system -can let its users execute the script as root, resting assured that it -will drop privileges when unneeded. - -The key files in Tomb are generated using high entropy random and -protected via symmetric cryptography using GnuPG. The combination of a -key and its password allow to open a tomb: the key contents are used -to encrypt LUKS volumes mounted in loopback. The password is asked -using /Pinentry/ programs to protect from common software keyloggers -and measures are taken to avoid leaving traces on any permanent -storage. - -** Yet another tool? - -\index{dyne:bolic} - -Tomb is an evolution of the /Nesting/ tool developed in 2001 for the -[[http://www.dynebolic.org][Dyne:bolic GNU/Linux distribution]]: a /nomadic system/ to encrypt the -Home directory of users and have it ready for use on different -machines. At that time, Tomb was the first secure implementation of -what nowadays we call /persistent storage/ in live operating systems. - -[[file:foster_privacy.png]] - -Later on we've felt the urgency to publishing this mechanism for other -operating systems than dyne:bolic since the current situation in -personal desktop encryption is far from optimal. Let's have a look. - -\index{truecrypt} [[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries -so that its code is hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free -operating system distributors because of liability reasons, see -[[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]], [[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]]. For these and other reasons - -presumably very sad ones for its users - Truecrypt has also been -discontinued. - - -\index{cryptkeeper} -[[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main -advantage consists in not needing root access on the machine it's -being used. But Cryptkeeper still has drawbacks: it uses [[http://www.arg0.net/encfs][EncFS]] which -implements weaker encryption than dm-crypt and it doesn't promotes the -separated storage of keys. - -At last, the [[https://we.riseup.net/debian/automatically-mount-encrypted-home][Encrypted home]] mechanisms on operating systems as Debian -and Ubuntu adopt encryption algorithms as strong as Tomb does, but -they need to be configured when the machine is installed, they cannot -be easily transported and again they don't promote separated storage -of keys. - -With Tomb we try to overcome all these limitations providing /strong -encryption/, encouraging users to /separate keys from data/ and -letting them transport tombs around easily. Also to facilitate -auditing and customization we intend to: - - - write code that is short, readable and well documented - - use commonly available shared components whenever possible - - facilitate integration into desktop and graphical interfaces - - keep the development process open and distributed using Git - - distribute Tomb under the GNU General Public License v3 - -If you believe this is a worthy effort, you are welcome to [[http://dyne.org/donate][support it]]. - -* TODO Getting Started - -** Build - -Tomb at its core consists of a single Z-Shell script which has to be run as root, plus a few common dependencies that must be present on the system: - - - *Zsh* http://www.zsh.org - - *Cryptsetup* - - *Sudo* - - *GnuPG* http://www.gnupg.org - - *Pinentry* - -Provided the programs above are installed and root access is available on the system, *the impatient user can just skip the rest of this section, download the bare Tomb script and use it*. The nitpickers out there are right to wonder about running a script as root, so please be welcome to [[http://tomb.dyne.org/codedoc][review Tomb's code]]. Those running on [[http://www.dynebolic.org][Dyne:bolic GNU/Linux]] can simply skip this step since our operating system already contains a fully featured version of Tomb. - -In addition to the core script there are a number of optional packages that, if present on the system, will be used by Tomb to enhance the user experience, add features and improve security. - -To start a full build make sure you know some command-line basics, then [[http://files.dyne.org/tomb/releases][download the full stable source distribution of Tomb]], unpack it and read on. - -: tar xvfz Tomb-1.3.tar.gz -: cd Tomb - -Be welcome to the making of your tomb. - -*** Security extras - -To make the steganography feature available, that is the possibility to hide keys inside images, one needs to install the *steghide* software on your system. - -To insure secure deletion of all Tomb traces temporary written in memory or on storage by Tomb, one should install *wipe*. - -To enable the anti-bruteforce feature, KDF libs should be installed and they often require a recent version of GLib-2[fn:debglib] - -[fn:debglib] On Debian 6.0 for instance the version of GLib-2 is too old and should be installed from source or from backports - -*** Usability extras - -To have a progress bar that informs about the status of tomb creation steps, one should install *dcfldd* which is an enhanced version of the simple /dd/ UNIX tool. - -If Tomb is used locally on a graphical desktop, one might prefer to use a graphical dialog to input the password, then install *pinentry-gtk* or *pinentry-qt*. - -To compile the *gtk-tray* component that shows the open tomb in your desktop tray, make sure the following packages are installed (this list matches package names for Debian/Ubuntu distributions: - -: build-essential autoconf libtool gtk2.0-dev libnotify-dev zsh pinentry-curses pinentry-gtk2 - -*** Binary builds - -Once all the extra dependencies are in place on your system, to build the gtk-tray or the KDF components, one should run the usual commands: - -: ./configure -: make - -This will autodetect the capabilities of the system and build binary helper applications needed for those two extra functions. Any other feature in Tomb does not require compiling anything. - -** Installation - -After running the configure-make combo to compile binaries it is -possible to simply use *make install* to copy several files in place, -including the main tomb script, image resources for the gtk pinentry -and manuals. - -Assuming the prefix is /usr/local paths for installation are: - - - /usr/local/bin/tomb - - /usr/local/share/tomb - - -*** Multi-user systems - -When installed on systems used by multiple users, Tomb can be made -available to all of them even without granting root access. Simply add -this line to */etc/sudoers* (using the visudo command as root) for -each user you like to enable to build and use tombs: - -: username ALL=NOPASSWD: /usr/local/bin/tomb - -Tomb is built with this possibility in mind and its code is reviewed -to make this setup safe, so that a user cannot escalate to the -privilege of a full root shell on the system, but just handle Tombs. - -* Tombs in your pockets - -* Tombs in the clouds - -** Server requirements - -When creating a tomb make sure the device mapper is loaded among kernel modules -or creation will fail and leave you in the dust. - -modprobe dm_mod -modprobe dm_crypt - -** Automatic doors - -When logging out of a server it is very easy to forget and leave -behind open tombs. - -Using a simple cronjob will make sure that all tombs on server are -closed automatically if the user who opened them is no more logged in: - -#+BEGIN_EXAMPLE -#!/bin/zsh -PATH=$PATH:/usr/local/bin -tombs=`find /media -name "*tomb"` -for i in ${(f)tombs}; do - { test -r ${i}/.tty } && { - tty=`cat ${i}/.tty` - uid=`cat ${i}/.uid` - if [ -r ${tty} ]; then - ttyuid=`ls -ln ${tty} | awk '{print $3}'` - { test "$ttyuid" = "$uid" } || { tomb close ${i} } - else tomb close ${i}; fi - } -done -return 0 -#+END_EXAMPLE - -This script assumes all tombs are opened inside the /media folder and -that the 'tomb' script is included in root's PATH. Feel free to adapt -it to your needs and then add it to root's cronjob so that it is run -every minute. - -** Lack of entropy - -To create a tomb key on a server (especially VPS) the problem becomes -the lack of available entropy. Generating keys on a desktop (using -the *forge* command) is the best choice, since entropy can be gathered -simply moving the mouse. Anyway, in case there is no GNU/Linux -desktop, one can try generating keys directly on the server in a -reasonable time usi EGD, the Entropy Gathering Daemon. - -On Debian/Ubuntu, install these packages: - -: # apt-get install libdigest-sha1-perl -: # apt-get install ekeyd-egd-linux - -Then check ekeyd's default configuration in: - -: /etc/default/ekeyd-egd-linux - -Then download EGD from its website http://egd.sourceforge.net and -finally start both EGD and ekeyd: - -: perl ./egd.pl # from inside EGD source directory -: /etc/init.d/ekeyd-egd-linux start # as root on debian - -You should see both daemons running, they will feed as much entropy as -they can gather from various sources. Usually one will experience a -burst of entropy when they are launched, then the stream keeps going -rather slow anyway. - - -* Acknowledgments - -The development of Tomb was not supported by any governative or -non-governative organization, its author and maintainer is an European -citizen residing in the Netherlands. - -Test cases for the development Tomb have been analyzed through active -exchange with the needs of various activist communities, in particular -the Italian [[http://www.hackmeeting.org][Hackmeeting community]] and the mestizo community of -southern Mexico, Chapas and Oaxaca. - -* Alphabetic Index - - -\printindex